SPCIO
Copper Contributor
Aug 16, 2023

Allowing personal documents thru email

Hello all, I need help, please.

I have a business case related to DLP. Can you please let me know how we can achieve this with Microsoft DLP?

Use Case:

1. Allow the employees/users to send their personal documents to their personal mail IDs.

e.g., Form-16, W2, tax documents, health reports, etc. to gmail.com, outlook.com, etc.

2. Block the rest of the documents.

3. If a user/employee attaches a combination of official documents and personal documents, allow only the personal documents.

 

Can you help me with how to achieve this? Also, is there any organisational Business Use Cases/Best Practices information out there?

Thank you in advance.

  • Hi, SPCIO,

     

    DLP does not have the ability to detect if a specific document pertains only to the sender or if it contains sensitive data about the company. If you tell it to look for any file with a social security number, any file that contains one will be a match to the rule.

     

    However, there is a route available to you for this through Sensitivity Labels. This would be reliant upon your organization's end-user training and adoption, but you could create a sensitivity label called "Personal" and then instruct your end-users to use that label on any document that pertains to their personal information, such as their own W-2.

     

    Similar to DLP, labels will not be able to systematically tell the difference between a personal form with a social security number in it, like a W-2, versus a form containing social security numbers of other employees. Therefore, the success of the label option is 100% user dependent.

     

    If you create this label, you could then exclude the "Personal" label from your DLP policies, which would allow the employee to send it to their personal email address.
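
A simplified model of the label exclusion described in the reply above, added here as an example; it is not part of the original thread and does not reproduce Microsoft's DLP engine. The SSN regex, the whole-message verdict, and the `review_queue` check with its `max_ssns` threshold are assumptions made for illustration; the check shows one way to surface "Personal"-labeled files that look like they hold more than one person's data.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Simplified SSN shape (ddd-dd-dddd); a stand-in for a real sensitive info type.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EXEMPT_LABEL = "Personal"  # label name taken from the reply above

@dataclass
class Attachment:
    name: str
    label: Optional[str]  # sensitivity label chosen by the user, if any
    text: str

def distinct_ssns(att):
    return set(SSN_RE.findall(att.text))

def dlp_verdict(attachments):
    """Assumed model: block the whole message if any non-exempt attachment matches."""
    hits = [a.name for a in attachments
            if a.label != EXEMPT_LABEL and distinct_ssns(a)]
    return ("block", hits) if hits else ("allow", [])

def review_queue(attachments, max_ssns=1):
    """Exempted attachments holding more SSN-shaped values than one person's
    own form would: candidates for manual review, not an automatic block."""
    return [a.name for a in attachments
            if a.label == EXEMPT_LABEL and len(distinct_ssns(a)) > max_ssns]

# Constructed sample attachments (all values are made up).
W2 = Attachment("my_w2.pdf", "Personal", "Employee SSN 900-12-3456 wages 50000")
PAYROLL = Attachment("payroll.xlsx", "Personal",
                     "900-12-3456\n900-65-4321\n900-11-2222")
UNLABELED = Attachment("hr_export.csv", None, "900-65-4321")

if __name__ == "__main__":
    for msg in ([W2], [W2, UNLABELED], [PAYROLL]):
        print([a.name for a in msg], dlp_verdict(msg), review_queue(msg))
```

The third message is allowed by the label exclusion even though the file lists several SSN-shaped values, which is the user-dependence the reply warns about; only the review check flags it.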
